From d468e2f524022b1b1e5fe0e1d58a4efcc6583545 Mon Sep 17 00:00:00 2001 From: Keuin Date: Sun, 22 Oct 2023 23:21:00 +0800 Subject: bugfix: SQL syntax error in some environment --- src/main/java/com/keuin/blame/lookup/QueryExecutor.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/main/java/com/keuin/blame/lookup/QueryExecutor.java b/src/main/java/com/keuin/blame/lookup/QueryExecutor.java index da25064..e11cdda 100644 --- a/src/main/java/com/keuin/blame/lookup/QueryExecutor.java +++ b/src/main/java/com/keuin/blame/lookup/QueryExecutor.java @@ -30,7 +30,7 @@ public class QueryExecutor { // ClickHouse driver's parameterized SQL generator is a piece of shit. // I won't use that. Use string interpolation instead. var sql = "select subject_id, object_id, action_type, ts"; - sql += " from " + escape(DatabaseUtil.DB_CONFIG.getTable()); + sql += " from " + escapeIdentifier(DatabaseUtil.DB_CONFIG.getTable()); sql += " where subject_world=%s and object_x=%d and object_y=%d and object_z=%d".formatted( escape(world), x, y, z ); @@ -47,6 +47,10 @@ public class QueryExecutor { return "'" + s.replace("\\", "\\\\").replace("'", "\\'") + "'"; } + private static String escapeIdentifier(String s) { + return "\"" + s.replace("\\", "\\\\").replace("\"", "\"\"") + "\""; + } + public void byBlockPos( String world, long x, long y, long z, -- cgit v1.2.3